On Thu, May 20, 2004 at 11:01:45PM +0100, Josef Karthauser wrote: +> I was wondering whether someone might help me out. +> +> There's a couple of sysctls in -current: +> +> security.bsd.see_other_uids: 1 +> security.bsd.see_other_gids: 1 +> +> These effectively allow one to prevent users from spying on each +> other. +> +> What I need to do is to disable these within jails, but not in the +> host enviroment. The reason I need this is that I'm running the +> FreeBSD election on a box of mine, but I don't want to have to clear +> these globally. +> +> Would someone have the time to hack me a patch to do this? It doesn't +> have to be clean, although evenually I'd like to see something like +> this committed to freebsd operating on a sysctl. Implementation wouldn't be probably too hard, but I can't agree it should be committed. We need to know where jail's virtualization ends and I think it is too far. Of course it will be cool to have those sysctl on per-jail basics, as well as others from security.bsd. tree (like security.bsd.suser_enabled), but I'm not sure this is the right way to go. Any other opinions? If someone convince me we should do it, I can do it. -- Pawel Jakub Dawidek http://www.FreeBSD.org pjd_at_FreeBSD.org http://garage.freebsd.pl FreeBSD committer Am I Evil? Yes, I Am!
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:54 UTC